
error reporting and security

to remove or not to remove

     
3:09 pm on Apr 23, 2009 (gmt 0)

5+ Year Member



Hello everyone,
across my whole site I call data from my database like so:


$sql = "SELECT title FROM comments WHERE name='johndoe' LIMIT 1";
$result = mysql_query($sql, $conn)
    or die('Could not get data; ' . mysql_error());   // prints the raw MySQL error to the visitor
if (mysql_num_rows($result) == 0) {
    // no rows matched
} else {
    while ($row = mysql_fetch_array($result)) {
        // ... output data
    }
}

As I've heard before, this part is potentially dangerous:


or die('Could not get data; ' . mysql_error());

Should I just remove that part across my whole site once I'm done editing it?

3:51 pm on Apr 23, 2009 (gmt 0)

10+ Year Member



I would suggest writing a function that will email the error and query to yourself and then spit out a generic error message to the user like "There was a critical error encountered while performing your request. The webmaster has been notified of the problem. Please try reloading the page or try your request at a later time."

function emailError( $query, $error )
{
    $time    = date( 'Y-m-d H:i:s' );
    $subject = 'SQL error on ' . $_SERVER['HTTP_HOST'];   // subject line for the notification
    $msg     = '';                                        // start empty before appending
    $msg .= "\n<br />\n<b>Page:</b> " . htmlspecialchars( $_SERVER["REQUEST_URI"] );
    $msg .= "\n<br />\n<b>Time:</b> " . $time;
    // escape the query and error text so they display literally in the HTML mail
    $msg .= "\n<br />\n<b>Query:</b> " . htmlspecialchars( $query );
    $msg .= "\n<br />\n<b>Error:</b> " . htmlspecialchars( $error );
    $headers  = "Content-type: text/html; charset=iso-8859-1\n";
    $headers .= "From: sqlerrors@example.com";
    mail( 'email@example.com', $subject, $msg, $headers );
    // only this generic text ever reaches the visitor
    return "<h3>There was a critical error encountered while performing your request. The webmaster has been notified of the problem. Please try reloading the page or try your request at a later time.</h3>";
}

Then just call it like this:

mysql_query($sql, $conn) or die(emailError($sql, mysql_error()));

4:04 pm on Apr 23, 2009 (gmt 0)

5+ Year Member



That's a very good idea, thank you :)

11:27 pm on Apr 23, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Include a backtrace in the email as well.
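Putting the two suggestions above together (notify the webmaster with query, error and backtrace; show the visitor only a generic message), here is an added example that is not code from the thread or from any of its posters. It uses mysqli rather than the mysql_* functions shown above, because that extension was removed in PHP 7; the hostname, credentials, mail addresses and the `reportDbError`/`runSelect` function names are all assumptions for the sake of the example.

```php
<?php
// Added example, not from the thread: record the failing SQL, the MySQL error and a
// backtrace for the webmaster; show the visitor only a generic message.
// Addresses and credentials below are placeholders.

mysqli_report(MYSQLI_REPORT_OFF);   // rely on return values, as the thread's or-die style does

/**
 * Record a failed query and return the generic text that is safe to show.
 * Nothing from $query or $error reaches the visitor's browser.
 */
function reportDbError($query, $error, $notifyAddress = 'webmaster@example.com')
{
    // Backtrace without argument values: the call chain locates the bug, while
    // argument values could carry passwords or raw user input into the mail.
    $trace = [];
    foreach (debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS) as $i => $frame) {
        $trace[] = sprintf('#%d %s:%d %s()', $i,
            $frame['file'] ?? '[internal]', $frame['line'] ?? 0, $frame['function']);
    }

    $body = implode("\n", [
        'Time:  ' . date('Y-m-d H:i:s'),
        'Page:  ' . ($_SERVER['REQUEST_URI'] ?? '(cli)'),
        'Query: ' . $query,
        'Error: ' . $error,
        'Backtrace:',
        implode("\n", $trace),
    ]);

    // The server log always gets a copy; it survives a broken mail setup.
    error_log('DB error: ' . str_replace("\n", ' | ', $body));

    // Plain-text mail: a query containing HTML or user input cannot render in the
    // mail client, and no user-controlled value goes into the headers.
    $headers = "From: sqlerrors@example.com\r\nContent-Type: text/plain; charset=UTF-8";
    @mail($notifyAddress, 'Database error', $body, $headers);

    return '<h3>There was a critical error encountered while performing your request. '
         . 'The webmaster has been notified of the problem. Please try again later.</h3>';
}

/**
 * Run a SELECT with bound parameters; on failure report it and stop.
 * Binding keeps request data out of the SQL text, so the query that lands in
 * the report (and in the mail) is always the fixed template.
 */
function runSelect(mysqli $conn, $sql, array $params = [])
{
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        die(reportDbError($sql, $conn->error));
    }
    if ($params) {
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    }
    if (!$stmt->execute()) {
        die(reportDbError($sql, $stmt->error));
    }
    return $stmt->get_result();
}

// Usage (placeholder credentials). The name comes from the request as a bound value.
$conn = new mysqli('localhost', 'dbuser', 'dbpass', 'site');
if ($conn->connect_error) {
    die(reportDbError('(connect)', $conn->connect_error));
}
$name   = $_GET['name'] ?? 'johndoe';
$result = runSelect($conn, 'SELECT title FROM comments WHERE name = ? LIMIT 1', [$name]);
if ($result->num_rows === 0) {
    echo '<p>No comments found.</p>';
} else {
    while ($row = $result->fetch_assoc()) {
        echo '<p>', htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), '</p>';
    }
}
```

Two design points worth noting: the mail is sent as plain text, so whatever ends up in the query or error string is never rendered as HTML in the webmaster's mail client, and the error is also written to the server log so that a failure of `mail()` itself does not lose the report. Because the query runs with bound parameters, the SQL text that appears in the report is the fixed template, not a string assembled from request data.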
 
